Correctly configured security groups are critical for an appliance in an optimization group to discover and accelerate with its peers. The Cloud Portal automates many steps in the security group configuration.

For example, consider a configuration in which Cloud Accelerator 1, Cloud Accelerator 2, and Cloud Server A are members (nodes) of the same optimization group. The Cloud Portal automatically creates a security group (Security Group 1) when Cloud Accelerator 1 is provisioned.

Initially, Security Group 1 does not let Cloud Accelerator 2 or Cloud Server A access Cloud Accelerator 1. However, after each node in the optimization group communicates with the Cloud Portal and transmits its IP address, the portal automatically adds rules, called discovery service rules, to Security Group 1 so that the group allows access to Cloud Accelerator 1 from the node.

To complete the configuration, you must also add your own rules, called custom rules, because:

Custom rules are not added to the security group for the Discovery Service and are not tracked by the Cloud Portal.

The Cloud Portal ensures that discovery service rules are automatically added to the security group whenever you restart the appliance. Even if you delete a Discovery Service Rule using a third-party tool such as the AWS user interface, the portal adds it back when you restart the appliance.

To remove a Discovery Service Rule, you must delete it from the Cloud Portal; click delete in the Discovery Service Rule table.

You can add or delete custom rules through the Cloud Portal, which adds or deletes the rules from the security group immediately. But if you subsequently delete a custom rule from the security group using a third-party tool, the Cloud Portal does not ensure that the rule is reapplied when you start the appliance. The custom rules table simply reflects what is currently configured for the security group in the Amazon cloud at the time you visit the page on the Cloud Portal.

For acceleration to work, you must add rules to the Cloud Server security group to allow traffic from the Cloud Accelerator to reach the server TCP ports used by the application you want to accelerate.

When the Discovery Agent is installed on the server, you must enable access to the UDP source port 7801 and destination port 7801 from the Cloud Accelerator on the server’s security group.